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Abstract  -  Although  more  information  than  ever  before  is  available  to  support  the  intelligence 
analyst,  the  vast  proliferation  of  types  of  data,  devices,  and  protocols  makes  it  increasingly 
difficult  to  ensure  that  the  right  information  is  received  by  the  right  people  at  the  right  time. 
Analysts  struggle  to  balance  information  overload  and  an  information  vacuum  depending  on 
their  location  and  available  equipment.  The  ability  to  securely  manage  and  deliver  critical 
knowledge  and  actionable  intelligence  to  the  analyst  regardless  of  device  configuration, 
classification  level  or  location  in  a  reliable  manner,  would  provide  the  analyst  24/7  access  to 
useable  information.  There  are  several  important  components  to  an  intuitive  system  that  can 
provide  timely  information  in  a  user-preferred  manner.  Two  of  these  components:  information 
presentation  based  on  the  user’s  preference  and  requirments  and  the  identification  of  solutions  to 
the  problem  of  secure  information  delivery  across  multiple  security  levels,  will  be  discussed  in 
this  paper. 

1  -  Introduction  and  Background 

The  Intelligence  Community  (IC)  requires  a  secure  method  to  provide  information  in 
many  formats  (text,  images,  video,  etc.)  to  multiple  users,  using  multiple  devices  (cell 
phones,  Personal  Digital  Assistants  (PDA),  computers,  etc.)  over  wireless  and  wired 
communications  channels  with  varied  bandwidths.  One  approach  to  meeting  these 
requirements  is  to  provide  an  innovative,  domain-independent  solution  that  is  easily 
deployed  and  managed,  extensible,  will  provide  both  push  and  pull  of  the  information 
and/or  notifications,  and  automatically  modified  in  accordance  with  security  requirements 
and  the  physical  limitations  of  users’  devices  and  connections.  Information  dissemination 
and  management  is  device,  connection,  and  protocol  dependent.  The  currently  available 
devices  vary  widely  in  size,  hardware  and  software  capabilities,  and  connection  types. 
The  modern  analyst  requires  unified  and  secure  methods  to  deliver  and  manage  critical 
information  flow  that  accommodate  multiple  devices,  connections,  and  protocols;  in 
addition,  the  system  must  be  able  to  accommodate  new  devices  rapidly  and  efficiently. 
The  main  concept  that  this  paper  explores  is  the  development  of  an  extensible,  standards- 
based  software  application  that  can  distribute  secure,  content-filtered  information  in 
differing  formats  to  a  wide  variety  of  mobile  devices,  with  a  variety  of  connection 
bandwidths.  In  simple  terms,  the  objective  is  to  get  the  right  information  to  the  right 
people  at  the  right  time  regardless  of  their  device  and  location. 

A  difficult  issue  associated  with  implementing  a  system  that  leverages  small  hand-held 
devices  is  the  ability  to  automatically  massage  the  data  being  sent  so  that  the  device  can 
receive  and  display  the  information  in  an  intelligible  format.  For  example,  if  an  e-mail 
containing  several  image  attachments  is  sent  to  a  user  utilizing  a  device  that  is  incapable 
of  displaying  images,  then  bandwidth  should  not  be  wasted  sending  large  image  files. 


POSTPRINT 


i 


The  user  might  instead  prefer  to  receive  a  textual  description  or  a  metadata  description  of 
the  image.  While  capabilities  and  hardware  profiles  can  vary  tremendously  across  hand¬ 
held  devices,  users  should  not  have  to  resolve  these  differences.  An  information 
dissemination  platform  must  possess  the  ability  to  automatically  support  the  addition  of 
new  devices,  use  specific  device  capabilities,  and  define  data  transformation  rules.  The 
system  must  have  built-in  intelligence  as  to  ensure  that  the  user  has  access  to  critical 
information  regardless  of  her  profile.  For  purposes  of  this  paper,  the  user’s  profile 
describes  all  of  the  various  attributes  of  the  user’s  device’s  capabilities  (i.e.  device, 
bandwidth,  security  clearances,  and  other  limitations).  Although  more  information  than 
ever  before  is  available  to  support  decision  making,  the  vast  proliferation  of  types  of  data, 
devices  and  protocols  makes  it  increasingly  difficult  to  ensure  that  the  right  information 
is  received  by  the  right  people  at  the  right  time.  From  the  viewpoint  of  the  analyst,  too 
much  information,  not  enough  information,  or  information  that  is  not  properly  formatted, 
can  make  decision-making  more  difficult. 
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Figure  1:  High-Level  example  of  an  architecture  for  an  Information  Dissemination  Platform  (IDP) 

2  -  Describing  a  User’s  Profile 

Device,  data  and  service  provider  descriptions  are  a  vital  part  of  an  information 
dissemination  platform.  In  order  to  optimize  the  delivery  of  information,  characteristics 
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of  the  user’s  environment  must  be  captured.  Is  the  user  sitting  at  a  high  end  desktop 
computer  in  an  office  with  a  T1  internet  capability  or  is  the  user  traveling  in  a  car  with  a 
cell  phone?  While  that  example  offers  the  two  extremes,  several  other  scenarios  in 
between  are  likely  to  occur.  A  system  that  can  map  the  user’s  profile  in  order  to 
determine  the  most  user-preferred  delivery  method  requires  several  databases  or 
ontologies  to  perform.  Aside  from  determining  the  optimal  delivery  method,  the  system 
might  also  consider  allowing  user-defined  thresholds  that  weigh  speed  verses  information 
quality.  In  other  words,  for  a  particular  piece  of  information  is  it  more  important  to  get 
that  information  as  fast  as  possible,  regardless  of  the  quality  of  the  information,  or  take 
longer  to  push  to  the  user,  but  provide  a  more  complete  information  product?  Where  is 
that  line  and  how  do  you  approach  the  convergence  of  the  right  speed  and  ideal 
information?  While  exploring  this  concept  is  beyond  the  essence  of  this  paper,  it  is 
important  to  build  the  foundation  of  the  user’s  profile,  particularly  the  device,  data  and 
connection  descriptions. 

As  the  convergence  of  telecommunications  and  computers  has  matured,  there  have  been 
significant  advancements.  The  pace  of  this  convergence  is  only  accelerating  as  new 
devices  and  technologies  become  available.  Traditional  computing  depends  heavily  upon 
many  known  factors  -  known  devices  (e.g.,  workstations),  known  locations  (e.g.,  desks  in 
an  office)  and  known  capabilities  (e.g.,  consistent  network  bandwidths  and  common 
software  applications).  The  traditional  computing  environment  has  a  relatively 
homogeneous  infrastructure  and  very  little  thought  needs  to  be  given  to  the  capabilities  or 
availability  of  devices  on  the  network.  In  contrast  to  traditional  computing  environments, 
the  rapid  evolution  of  the  telecommunication,  wireless,  and  mobile  computing 
environments  and  the  wide  variety  of  available  devices  and  protocols  has  created  a  very 
heterogeneous  environment.  This  new  environment  has  eliminated  most  of  the  known 
factors  that  were  relied  upon  in  traditional  computing.  A  new  type  of  computing 
infrastructure  is  needed  to  support  this  distributed,  mobile  computing  paradigm.  One  of 
the  more  promising  approaches  for  supporting  this  new  type  of  computing  infrastructure 
is  the  use  of  a  distributed  and  mobile  computing  environment  and  the  use  of  event-driven 
messaging  systems  that  utilize  a  publish  and  subscribe  paradigm  [1],  Under  this  model, 
object  interactions  (e.g.,  the  arrival  of  a  new  intelligence  report,  a  user  request  for 
information,  inventory  stocks  falling  below  a  threshold)  are  treated  as  events  and  users 
identify  the  events  in  which  they  are  interested.  When  an  event  of  interest  occurs, 
information  about  the  event  can  be  pushed  to  the  user  as  an  alert  or  added  to  an 
information  queue  to  be  downloaded  when  the  user  is  online,  based  on  the  user’s 
preferences  and  her  device  capabilities. 

2.1-Current  practices 

There  is  work  being  done  in  the  commercial  world  that  addresses  some  of  the  issues 
associated  with  handling  and  formatting  information  delivered  to  hand-held  devices.  For 
the  most  part,  the  service  providers  handle  text  and  email  by  truncating  the  message 
according  to  their  particular  size  restrictions.  For  instance,  if  the  cell  phone  provider  only 
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allows  256  byte  text  messages,  the  message  will  cut  off  at  the  point  it  exceeds  the  size 
limit  and  either  gets  divided  into  multiple  messages  or  gets  left  off  completely.  Images 
and  video  are  handled  in  a  similar  way.  For  example,  an  image  being  sent  that  is  200KB, 
to  a  device  that  can  only  accept  sizes  less  then  100KB,  may  get  scaled  down  to  100KB  in 
order  to  be  delivered.  This  degrades  the  resolution,  and  therefore  potentially  renders  the 
image  useless. 


2.2-Device  Ontology  Database 

One  approach,  that  has  been  researched  in  depth  by  the  authors,  to  managing  the  push 
and  pull  of  information  to  a  wide  variety  of  smart  devices  is  a  device  ontology.  A  device 
ontology  is  a  database  that  contains  the  format,  security,  and  protocol  information  about 
the  devices  that  would  be  available  to  the  system.  The  device  ontology  maps  the  specific 
protocols  and  requirements  for  a  device  to  a  common  schema  so  intelligence  products  can 
be  automatically  reformatted,  reconfigured,  and  encoded  in  accordance  with  the  device 
specifications.  Smart  mobile  devices  enable  the  opportunity  for  a  user  to  leverage  rapid 
information  dissemination.  They  allow  for  the  right  information  to  be  distributed  to  the 
right  individuals  at  the  right  time.  Unfortunately,  devices  operate  in  a  heterogeneous 
environment.  Manufacturers  offer  a  wide  array  of  devices  to  users  with  a  vast  set  of 
features  and  capabilities.  This  creates  a  great  strain  on  disseminating  information.  While 
simply  distributing  the  lowest  common  denominator  offers  a  solution  to  this  problem,  it  is 
not  an  optimal  one.  Devices  capable  of  receiving  enhanced  forms  of  media  should 
receive  the  most  comprehensive  information  object  possible.  While  this  information 
object  could  simply  be  a  text  message,  it  should  extend  to  a  video  feed  or  similar  means 
of  multimedia  providing  the  most  relevant  information  whenever  possible. 
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Figure  2:  Example  Device  Ontology 


2. 3-Enhancing  the  Device  Ontology 

An  ontology  that  has  become  somewhat  of  a  standard  is  the  Foundation  for  Intelligent 
Physical  Agents  (FIPA)  device  ontology.  The  FIPA  device  ontology  addresses  the 
problem  of  heterogeneous  devices  by  providing  a  database  of  the  specifications  and 
capabilities  of  devices.  This  device  ontology  is  a  catalog  of  currently  released  mobile 
devices.  It  provides  capabilities  of  many  important  areas  of  mobile  devices.  On  the 
hardware  side,  the  device  ontology  contains  slots  for  connection,  memory  and  the  user 
interface.  Additionally,  the  device  ontology  addresses  software  versions  briefly.  While 
this  ontology  provides  for  basic  dissemination,  it  can  be  improved  upon  for  advanced 
reasoning  in  deciding  what  information  can  be  delivered  to  a  device.  Proper  extension 
allows  for  greater  reasoning  capability  and  flexibility.  Specifically,  a  hardware 
description  can  be  extended  to  better  explain  a  device’s  reasoning  capability. 
Additionally,  multiple  slots  can  be  extended  and  better  incorporated  into  the  ontology 
through  transitivity  to  allow  for  more  generalized  reasoning.  [3] 

Enhancements  to  the  FIPA  model  have  allowed  for  advanced  reasoning  about  a  device’s 
capability  to  both  receive  and  transmit  audio.  This  has  prevented  a  device  from 
unnecessarily  sending  a  higher  fidelity  item  than  is  necessary  for  an  intended  destination 
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device.  The  hardware  description  is  extended  by  adding  slots  for  audio  and  video. 
Currently  FIPA’s  device  ontology  only  supports  Boolean  values  for  determining  whether 
or  not  a  device  accepts  input  and  output.  This  is  simply  not  sufficient  for  a  device  that 
will  publish  information.  The  audioDescription  frame  will  satisfy  an  audioinput  and 
audioOutput  slot  of  the  uiDescription.  Audio  description  has  a  value  for  sampling  rate, 
buffer,  and  formats.  Sampling  rate  will  be  a  frequency  value.  Buffer  represents  the 
available  time  for  recording.  Finally,  format  is  a  one  to  many  slot  allowing  for  someone 
to  define  the  formats  the  device  can  record  or  play  (depending  on  whether  the 
audioDescription  instance  satisfies  the  input  or  output  slot).  The  videoDescription  frame 
will  satisfy  two  new  slots  under  ui-description  for  videoinput  and  videoOutput.  This 
frame  is  implemented  similar  to  the  audioDescription.  Slots  in  this  frame  include  format, 
an  integer  fps,  and  input  and  output  audioDe scrip tions  in  case  the  audio  cannot  record 
with  the  same  fidelity  if  the  video  is  recording. 

In  its  current  form,  FIPA’s  device  ontology  handles  units  poorly.  It  does  not  provide  the 
flexibility  or  resources  to  state  that  two  unit  values  are  equivalent.  The  FIPA  model  can 
be  improved  by  developing  a  unit  frame  with  a  literal,  base  unit,  and  multiple  off-the- 
base  unit.  A  unit  frame  can  be  sub-classed  into  similar  appropriate  units  of  measurement 
through  a  transitive  subclassOf  relationship,  (e.g.  FrequencyUnits,  DistanceUnits, 
MemoryUnits).  A  description  will  now  refer  to  a  unit  of  measurement,  by  a  value  and  an 
instance  of  a  unit  or  subclass.  This  join  is  represented  by  the  uni tDe scrip tion  frame. 
These  additional  capabilities  will  allow  a  user  to  extend  an  ontology  to  require  specific 
types  of  units  to  satisfy  a  value.  The  value  can  then  be  reasoned  over  as  described 
previously  to  allow  comparison  of  values  as  well  as  calculations  of  requirements. 

2.4-Data  Ontology  Database 

The  data  ontology  database  contains  the  format  and  protocol  information  about  all  data 
used  in  this  system.  The  data  ontology  maps  fields,  metadata,  and  other  information 
describing  the  contents  of  the  data  to  a  common  schema  so  individual  components  of  the 
data  can  be  extracted  as  necessary.  This  component  allows  only  a  subset  of  the  original 
data  fields  to  be  sent  to  the  device  and  avoids  overwhelming  devices  that  have  limited 
capabilities.  Used  in  conjunction  with  the  device  ontology,  the  data  ontology  is  a  critical 
component  in  determining  how  to  present  the  information  to  the  user. 

3  -  Information  delivery  across  multiple  security  levels 

Another  main  focus  of  this  technology  is  the  ability  to  navigate  through  different  security 
levels.  In  order  to  handle  varying  security  levels  in  an  open  environment,  considering 
almost  all  mobile  devices  communicate  on  a  non-secure  network,  the  implementation  of  a 
secure  one-way  transfer  capability  is  necessary.  This  will  allow  messages  to  be  sent  from 
a  “high- security”  network  to  a  “low-security”  network,  and  vice  versa.  As  part  of  the 
system,  a  security  database  is  required  to  store  the  user’s  security  information  as  well  as  a 
security  sanitizer  process.  In  addition  to  incorporating  a  secure  mobile  device,  several 
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aspects  of  the  application  program  should  have  the  ability  to  communicate  with  several 
devices,  and  be  able  to  send  several  different  types  of  data.  The  system  must  be  robust 
and  flexible  in  order  to  work  in  many  different  scenarios.  Incorporating  multi-level 
security  will  enable  users  to  see  only  data  that  is  within  their  security  clearance  level. 
Users  that  have  access  to  a  secure  mobile  device  (e.g.  SME-PED)  will  be  able  to  send  and 
receive  secure  transmissions  in  the  field.  Users  who  have  non-secure  devices  will  receive 
a  filtered  version  of  the  secure  message.  This  capability  is  extremely  useful  for  the 
Intelligence  Community,  military  and/or  DoD  organizations  that  inherently  require  access 
to  multi-level  security  information,  but  still  must  get  data  to  users  in  a  timely  manner. 


The  idea  is  to  ensure  that  the  system  works  in  secure  environments  that  have  multi-level 
security  associated  with  classified  data,  such  as  any  of  the  agencies  in  the  Intelligence 
Community  (IC).  It  is  essential  that  the  system  incorporate  the  ability  to  move  across 
security  domain  both  low  to  high  and  high  back  down  to  low.  An  ideal  application  would 
facilitate  a  one-way  transfer  across  security  domains,  allowing  email,  web  site  content, 
and  other  open  source  information  to  be  passed  into  secure  networks.  This  allows  for  a 
one-way  transfer  of  non-secure  data  to  secure  internal  domains.  The  Low-to-High 
capability  is  currently  being  used  in  the  IC  and  has  been  accredited  at  Protection  Level  4. 
The  Directory  File  Transfer  System  has  been  accredited  at  Evaluation  Assurance  Level  4. 
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The  significance  of  moving  data  from  the  “high”  side  to  the  “low”  side  may  be  more  of  a 
policy  issue  than  a  technical  issue. 


Figure  4:  Example  Scenario  -  Automatic  Real-Time  Alerting  Scenario 


Figure  4  illustrates  an  example  of  how  an  architecture  such  as  this  is  utilized  to  perform 
real-time  alerting.  This  capability  can  send  data  to  every  user  in  the  system,  or  to  a 
specified  user. 

1 .  The  new  data  is  annotated  with  a  standard  set  of  markup  tags  describing  the 
information,  origin,  format,  and  summary  of  the  data. 

2.  An  agent  registers  the  new  report  in  the  Object  Catalog. 

3.  An  agent  compares  the  new  report  to  the  information  needs  identified  by  users  in 
the  Subscription  Information  Database  to  locate  users  who  requested  an  alert  be 
sent,  and  on  which  device. 

4.  An  agent  triggers  other  agents  to  begin  delivery  of  the  alerts. 

5.  An  agent  gathers  device  information  for  each  user  and  communication 
information  for  the  data. 

6.  An  agent  sends  the  alerts  through  the  Data  Translator  Process,  and  Protocol 
Translator  Process  to  adjust  content,  format,  and  protocol  as  specified. 

7.  The  alert  appears  on  the  users’  devices  in  the  appropriate  format.  A  notice  of  the 
delivery  is  sent  to  the  Delivery  Log. 
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Scenario  1  -  When  military  forces  are  working  with  NATO  and/or  other  allies,  these  allies  may  only 
be  cleared  for  certain  levels  of  Information.  If  national  level  Intelligence  is  passed  to  troops  in  the 
field  at  a  Top  Secret  level,  they  may  only  be  able  to  send  Secret  level  information  to  their  NATO 
allies.  This  information  could  be  sent  at  the  Secret  level  to  a  handheld  device,  even  though  it  was 
originated  at  the  Top  Secret  level.  This  information  would  also  be  tailored  to  fit  those  devices  to 
speed  up  the  transfer  of  data  and  expedite  the  planning  and  execution  of  the  mission. 

Scenario  2  -  Occasionally,  force  units  in  the  field  are  not  cleared  to  the  same  level  as  the 
information  needed  to  complete  their  missions.  Top  Secret  information  sent  to  Intelligence  forces 
often  has  to  be  downgraded  to  be  broadcast  to  units  in  the  field.  With  the  help  of  a  managed 
information  system  on  hand  held  devices,  actionable  intelligence  can  be  downgraded  and  passed  to 
those  units  in  a  timely  manner  to  expedite  operations.  To  illustrate  this,  forces  are  conducting 
counter-insurgency  operations  and  detain  a  possible  suspect.  Much  of  the  intelligence  gathered  on 
this  person  may  be  at  the  TS  level,  but  Secret  level  information  could  be  sent  quickly  to  these  units  on 
their  handheld  devices  to  correctly  verify  whether  or  not  this  is  a  person  of  interest. 

Scenario  3  -  The  ability  to  pass  large  amounts  of  data  on  a  hand  held  device  has  been  hindered  by 
bandwidth  and  processing  speeds  in  the  past.  An  outstanding  example  of  the  benefits  of  an 
information  system  that  can  manage  large  transfers  of  data  in  a  military  domain,  would  be  a 
reconnaissance  operation.  The  ability  to  process  imagery  intelligence  would  help  analysts  identify 
potential  suspect  movement  or  enemy  equipment  and  artillery  movement.  In  the  past,  the  time  it 
took  to  transfer  imagery  data  of  suitable  quality  was  unacceptable.  Using  hand  held  devices  and  a 
user-centered  intelligent  dissemination  platform,  actionable  intelligence  would  be  available  to  the 
reconnaissance  units  in  a  timely  manner. 

Figure  5:  Application  to  Military  Operations  Scenarios 


4  -  Conclusions 

In  conclusion,  it  may  soon  be  possible  to  disseminate  information  to  multiple  devices 
using  multiple  service  providers  and  implementing  the  device,  data  and  connection 
ontologies.  Most  importantly,  the  possibility  of  doing  this  without  adding  any  special 
software  or  hardware  to  the  user’s  device  may  help  speed  the  transition  to  this 
technology.  A  user  will  be  able  log  into  the  system  and  immediately  add  her  devices  to 
the  system  and  begin  sending  and  receiving  information.  This  design  allows  for  the 
system  to  be  available  immediately  to  any  user  with  any  device;  no  proprietary  hardware 
and/or  software  restrictions  placed  on  the  device.  This  paradigm  would  not  require  users 
of  the  system  to  purchase  specific  devices  in  order  to  communicate  with  each  other. 

An  important  research  finding  was  that  when  defining  a  device  ontology,  equal  attention 
should  be  paid  to  the  service  provider  and/or  client’s  properties.  Important  device 
properties  include  available  memory,  sampling  rate,  and  video  resolution.  Additionally, 
it  is  important  to  know  the  limitations  of  the  service  provider,  for  example  encryption 
type,  data  size  limitation,  etc.  Each  service  provider  differs,  regardless  if  the  device  is  the 
same.  Another  finding  is  that  it  is  possible  to  enhance  the  device  ontologies  that  are 
available  which  will  allow  for  advanced  reasoning  about  a  device’s  capability  to  both 
receive  and  transmit  audio. 
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The  ability  to  securely  manage  and  deliver  critical  knowledge  and  actionable  intelligence 
to  the  analyst  regardless  of  device  configuration  (bandwidth,  processing  speed,  etc.), 
classification  level  or  location  in  a  reliable  manner,  would  provide  the  analyst  24/7  access 
to  useable  information.  As  illustrated  in  the  many  scenarios  addressed  in  this  paper, 
military  success  can  be  enhanced  through  the  implementation  of  an  intelligent 
information  dissemination  system. 
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